Virginia Tech® home

Employees: Stay alert for phishing attempts

15 Jul 2024

From: Division of Information Technology

The Division of Information Technology urges the university community to be aware of a recent phishing attempt that has been circulating at Virginia Tech in recent days.  

This latest round of phishing claims that a “close contact” has tested positive for a contagious virus and contains a link to a fake login page that asks the recipient to enter their VT username and password. If you receive such an email, delete it. Do not reply or click any links.

An example of one of these emails and the fake login page are shown below. Note that bad actors frequently change subject lines and exact language during phishing scams.

example of phishing attempt and fake login page
Screenshot of recent phishing email with link to a fake login page sent to some Virginia Tech accounts. Note how the URL of the fake login page goes to a non-Virginia Tech domain.

Signs that an email is likely a phishing scam

  • The sender’s email address does not match the source of the email (e.g., the email claims to be from Virginia Tech, but does not come from "@vt.edu").
  • Links in the email look suspicious and/or lead to a URL that does not seem correct (e.g., a link purporting to go to a Virginia Tech resource goes to a non-vt.edu website).
  • The message requests personal information such as login credentials, address or phone, or financial data. 
  • The message contains unprompted requests to change or update passwords. (Virginia Tech will never request your username or password via email, text, or phone.)
  • The message uses scare tactics or creates a sense of urgency to get you to respond.
  • The message contains attachments you are not expecting.
  • Something seems off about the message’s language or subject matter. Trust your gut.

What to do if you receive any suspicious email

  • Do not reply. 
  • Do not click on any links or open any attachments. 
  • Self-report the phish through your email client (i.e., Gmail or Outlook).

If you aren’t sure whether an email is legitimate, contact the sender directly to verify.

If you suspect that your account has been compromised or experience any suspicious activity, such as a 2-factor authentication request that you did not initiate, report the incident immediately by calling 4Help at 540-231-4357 or submitting this request item.

screenshot of Outlook demonstrating where the Report Phishing tab is located.
You can report phishing through your Outlook client by selecting the “Report” tab.

Additional resources

Tags

Share this page